Phishing Scams: FBI Says Businesses Have Lost $5 Billion In Phishing, Social Engineering Attacks
An advisory issued by the Federal Bureau of Investigation warns that Business Email Compromise (BEC) attacks are on the rise and have resulted in billions of dollars being stolen from businesses worldwide.
According to the FBI, there have been 40,203 BEC attacks reported in the last three years, resulting in affected businesses losing more than $5.3 billion. Attacks have increased exponentially in the last two years, with a 2,370 percent increase in identified losses taking place between January 2015 and December 2016.
Scams have been reported in all 50 states in the U.S. and 131 countries in total. More than three-quarters of a billion dollars was stolen from businesses around the world in the final six months of 2016 alone.
The FBI warns that most of the BEC attacks are carried out in one of two ways: computer intrusion or social engineering.
In the case of computer intrusion, a hacker may find his or her way into a company’s computer system and compromise a device, or may gain access by stealing account credentials through phishing email scams.
Social engineering efforts are less technical and also more difficult to detect. These types of attacks are designed to target a person’s normal routine so as to not alert the victim as to what is happening. They can come in the form of an email or spoofed phone call, or can even simply scrape information from a person’s social media profile that may provide answers to security questions or hints to passwords.
According to data provided to International Business Times by security firm Proofpoint, two-thirds of all BEC attacks used spoofed email addresses to make it appear a fraudulent email was coming from a legitimate source.
The firm also found that more than 70 percent of BEC subject lines use the terms “urgent,” “payment” or “request.” This aligns with the FBI’s warning that BEC attacks will often send phishing emails asking for details about the business or individual being targeted.
The FBI said it is “largely unknown how victims are selected,” but noted attackers often monitor a subject’s behavior before carrying out the scam. The agency advised those at risk to keep job-related information posted on social media to a minimum, treat unsolicited email as junk or spam, and use two-factor authentication to prevent unauthorized logins.
The agency also advised businesses to establish their own domain and email service rather than rely on free options, invest additional resources into information and financial security protocols, and create an intrusion detection system to flag emails that attempt to spoof the company domain.
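As an illustration of that last recommendation, the following added example (not code from the FBI advisory, Proofpoint or the original article) flags inbound messages that imitate a company domain and weighs in the subject terms cited above. The domain `example.com`, the similarity threshold, the function names and the sample messages are all constructed assumptions, and the check for exact-domain forgery assumes the receiving mail gateway stamps a trusted `Authentication-Results` header.

```python
# Added example (not from the article): heuristics for flagging mail that
# imitates the company domain. All names and sample messages are constructed.
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                 # assumption: the protected domain
BEC_TERMS = ("urgent", "payment", "request")   # subject terms cited in the article


def is_lookalike(domain, target=COMPANY_DOMAIN, threshold=0.85):
    """True for domains close to, but not equal to, the company domain."""
    if not domain or domain == target or domain.endswith("." + target):
        return False
    return SequenceMatcher(None, domain, target).ratio() >= threshold


def spoof_reasons(raw):
    """Return the reasons a raw RFC 5322 message looks like a spoof attempt."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_dom = addr.rpartition("@")[2].lower()
    # Assumption: the receiving gateway stamps Authentication-Results and
    # strips any copy of that header supplied by the sender.
    auth = msg.get("Authentication-Results", "").lower()
    reasons = []
    if is_lookalike(from_dom):
        reasons.append("lookalike-from-domain")
    if COMPANY_DOMAIN in display.lower() and from_dom != COMPANY_DOMAIN:
        reasons.append("company-domain-in-display-name")
    if from_dom == COMPANY_DOMAIN and "dmarc=pass" not in auth:
        reasons.append("company-domain-unauthenticated")
    # Subject terms are common in legitimate mail, so they only add weight
    # to a message that already shows a spoofing signal.
    subject = msg.get("Subject", "").lower()
    if reasons and any(term in subject for term in BEC_TERMS):
        reasons.append("bec-subject-term")
    return reasons


# Constructed sample messages.
LOOKALIKE = ('From: "ceo@example.com" <ceo@examp1e.com>\n'
             "Subject: Urgent payment request\n\nPlease wire today.\n")
FORGED = ("From: CEO <ceo@example.com>\n"
          "Authentication-Results: mx.example.com; dmarc=fail\n"
          "Subject: Request\n\nAre you at your desk?\n")
LEGIT = ("From: Alice <alice@example.com>\n"
         "Authentication-Results: mx.example.com; dmarc=pass\n"
         "Subject: Payment request for invoice 12\n\nAttached.\n")
```

A legitimate internal message with a "payment request" subject returns no reasons, because the subject terms alone are not treated as a spoofing signal.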
Prevention is the most efficient way to combat BEC attacks, because once they are carried out, it can be difficult to discover the source responsible for the break-in. The FBI reports financial data suggests most of the fraudulent funds land in banks in China and Hong Kong, but financial institutions in the United Kingdom have also received stolen funds.